URLConnection GET with API Key

Ezekiel_Burke · April 15, 2021, 12:53am

I think I am just having a moment. I am trying to get data from a API (specifically: Account) I can get the JSON data from curl but I was hoping to use URLConnection. I can’t seem to figure out where to put the API key? I see docs for basic authentication but none for API key.

Paul_Lefebvre · April 15, 2021, 1:10am

Looks like that might be set in the header.

https://documentation.xojo.com/api/networking/urlconnection.html#urlconnection-requestheader

Ezekiel_Burke · April 15, 2021, 1:24am

Thanks Paul…not sure how I missed that one. Have a good night!

Gert_Steenkamp1 · April 30, 2025, 3:58pm

Hi All
Apologies for reopening this conversation but I need help with the requestheader in urlconnection
The api specifies the following:

securitySchemes:
    XApiKeyAuth:       # arbitrary name for the security scheme
      type: apiKey
      in: header         # can be "header", "query" or "cookie"
      name: X-API-KEY  # name of the header, query parameter or cookie
      
security:
  - XApiKeyAuth: []     # use the same name as under securitySchemes

I tried the following in my XOJO code based on what I could get working in Postman (with key obviously not the actual key:

var url as String = "https://192.168.1.x/Agent/api/v1/version"

var endpointURL as URLConnection = new PlateTechGetConnection
try
  
  var APIKEY as string = "abcdabcd-1111-4000-fffff"
  endpointURL.RequestHeader("X-API-KEY")=APIKEY
  
  Var content As String
  content = endpointURL.SendSync("GET", url)
  
catch e as NetworkException
  system.DebugLog(e.Message)
  
  
end

The problem is:
I don’t know if I need to add something to the header or not, or maybe specify some name=“xx”
I get a runtime exception “A security error occurred” no matter what I try - even with encodebase64

any help will be appreciated.

Andrew_Lambert · April 30, 2025, 4:15pm

I wonder if it’s failing to validate the SSL certificate. I assume it’s a self-signed certificate, based on the local IP address of the URL. Try:

endpointURL.AllowCertificateValidation = False

Gert_Steenkamp1 · April 30, 2025, 5:04pm

Thanks Andrew
That was just that!
MUCH appreciated!

Anthony_Dellos · April 30, 2025, 5:10pm

@Gert_Steenkamp1 - if you’re ever going to use this with a public API, make sure to set this value back to True!

Gert_Steenkamp1 · April 30, 2025, 5:22pm

Noted Anthony
This is mostly local - but we will see where it goes.
Now for the put and post parts